Python: Move query tests to reflect new file layout

2026-05-04 05:05:12 +02:00 · 2021-02-16 13:15:01 +01:00
parent 1d6f9bee08
commit 8494fcf45f
114 changed files with 12 additions and 10 deletions
--- a/python/ql/test/query-tests/Security/Crypto/WeakCryptoAlgorithm/BrokenCryptoAlgorithm.expected
+++ b/python/ql/test/query-tests/Security/Crypto/WeakCryptoAlgorithm/BrokenCryptoAlgorithm.expected
@@ -0,0 +1,8 @@
+edges
+| test_cryptography.py:5:17:5:30 | a password | test_cryptography.py:8:29:8:37 | a password |
+| test_cryptography.py:5:17:5:30 | a password | test_cryptography.py:8:29:8:37 | a password |
+| test_pycrypto.py:5:17:5:30 | a password | test_pycrypto.py:7:27:7:35 | a password |
+| test_pycrypto.py:5:17:5:30 | a password | test_pycrypto.py:7:27:7:35 | a password |
+#select
+| test_cryptography.py:8:29:8:37 | dangerous | test_cryptography.py:5:17:5:30 | a password | test_cryptography.py:8:29:8:37 | a password | $@ is used in a broken or weak cryptographic algorithm. | test_cryptography.py:5:17:5:30 | get_password() | Sensitive data |
+| test_pycrypto.py:7:27:7:35 | dangerous | test_pycrypto.py:5:17:5:30 | a password | test_pycrypto.py:7:27:7:35 | a password | $@ is used in a broken or weak cryptographic algorithm. | test_pycrypto.py:5:17:5:30 | get_password() | Sensitive data |
--- a/python/ql/test/query-tests/Security/Crypto/WeakCryptoAlgorithm/BrokenCryptoAlgorithm.qlref
+++ b/python/ql/test/query-tests/Security/Crypto/WeakCryptoAlgorithm/BrokenCryptoAlgorithm.qlref
@@ -0,0 +1 @@
+Security/Crypto/WeakCryptoAlgorithm/WeakCryptoAlgorithm.ql
--- a/python/ql/test/query-tests/Security/Crypto/WeakCryptoAlgorithm/TestNode.expected
+++ b/python/ql/test/query-tests/Security/Crypto/WeakCryptoAlgorithm/TestNode.expected
@@ -0,0 +1,12 @@
+| Taint Crypto.Cipher.ARC4 | test_pycrypto.py:6:14:6:27 | test_pycrypto.py:6 | test_pycrypto.py:6:14:6:27 | Attribute() |  |
+| Taint Crypto.Cipher.ARC4 | test_pycrypto.py:7:12:7:17 | test_pycrypto.py:7 | test_pycrypto.py:7:12:7:17 | cipher |  |
+| Taint cryptography.Cipher.RC4 | test_cryptography.py:6:14:6:47 | test_cryptography.py:6 | test_cryptography.py:6:14:6:47 | Cipher() |  |
+| Taint cryptography.Cipher.RC4 | test_cryptography.py:7:17:7:22 | test_cryptography.py:7 | test_cryptography.py:7:17:7:22 | cipher |  |
+| Taint cryptography.encryptor.RC4 | test_cryptography.py:7:17:7:34 | test_cryptography.py:7 | test_cryptography.py:7:17:7:34 | Attribute() |  |
+| Taint cryptography.encryptor.RC4 | test_cryptography.py:8:12:8:20 | test_cryptography.py:8 | test_cryptography.py:8:12:8:20 | encryptor |  |
+| Taint cryptography.encryptor.RC4 | test_cryptography.py:8:42:8:50 | test_cryptography.py:8 | test_cryptography.py:8:42:8:50 | encryptor |  |
+| Taint sensitive.data.password | test_cryptography.py:5:17:5:30 | test_cryptography.py:5 | test_cryptography.py:5:17:5:30 | get_password() |  |
+| Taint sensitive.data.password | test_cryptography.py:8:29:8:37 | test_cryptography.py:8 | test_cryptography.py:8:29:8:37 | dangerous |  |
+| Taint sensitive.data.password | test_cryptography.py:8:42:8:50 | test_cryptography.py:8 | test_cryptography.py:8:42:8:50 | encryptor |  |
+| Taint sensitive.data.password | test_pycrypto.py:5:17:5:30 | test_pycrypto.py:5 | test_pycrypto.py:5:17:5:30 | get_password() |  |
+| Taint sensitive.data.password | test_pycrypto.py:7:27:7:35 | test_pycrypto.py:7 | test_pycrypto.py:7:27:7:35 | dangerous |  |
--- a/python/ql/test/query-tests/Security/Crypto/WeakCryptoAlgorithm/TestNode.ql
+++ b/python/ql/test/query-tests/Security/Crypto/WeakCryptoAlgorithm/TestNode.ql
@@ -0,0 +1,9 @@
+import python
+import semmle.python.dataflow.TaintTracking
+import python
+import semmle.python.security.SensitiveData
+import semmle.python.security.Crypto
+
+from TaintedNode n, AstNode src
+where src = n.getAstNode() and src.getLocation().getFile().getAbsolutePath().matches("%test%")
+select "Taint " + n.getTaintKind(), n.getLocation(), src, n.getContext()
--- a/python/ql/test/query-tests/Security/Crypto/WeakCryptoAlgorithm/options
+++ b/python/ql/test/query-tests/Security/Crypto/WeakCryptoAlgorithm/options
@@ -0,0 +1 @@
+semmle-extractor-options: -p ../../lib --max-import-depth=3
--- a/python/ql/test/query-tests/Security/Crypto/WeakCryptoAlgorithm/test_cryptography.py
+++ b/python/ql/test/query-tests/Security/Crypto/WeakCryptoAlgorithm/test_cryptography.py
@@ -0,0 +1,9 @@
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms
+from secrets_store import get_password
+
+def get_badly_encrypted_password():
+    dangerous = get_password()
+    cipher = Cipher(algorithms.ARC4(key), _, _)
+    encryptor = cipher.encryptor()
+    return encryptor.update(dangerous) + encryptor.finalize()
+
--- a/python/ql/test/query-tests/Security/Crypto/WeakCryptoAlgorithm/test_pycrypto.py
+++ b/python/ql/test/query-tests/Security/Crypto/WeakCryptoAlgorithm/test_pycrypto.py
@@ -0,0 +1,8 @@
+from Crypto.Cipher import ARC4
+from secrets_store import get_password
+
+def get_badly_encrypted_password():
+    dangerous = get_password()
+    cipher = ARC4.new(_, _)
+    return cipher.encrypt(dangerous)
+
				`@@ -0,0 +1 @@`
				`Security/Crypto/WeakCryptoAlgorithm/WeakCryptoAlgorithm.ql`
				`@@ -0,0 +1 @@`
				`semmle-extractor-options: -p ../../lib --max-import-depth=3`